Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

RTU500 series CMU firmware

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2024-2617
Assigner-Hitachi Energy
ShareView Details
Assigner-Hitachi Energy
CVSS Score-7.2||HIGH
EPSS-0.01% / 1.54%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 12:57
Updated-01 Aug, 2024 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned firmware.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-RTU500 series CMU firmwarertu500_firmware
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2024-1532
Assigner-Hitachi Energy
ShareView Details
Assigner-Hitachi Energy
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 4.65%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 01:52
Updated-01 Aug, 2024 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-RTU500 series CMU firmware
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-1531
Assigner-Hitachi Energy
ShareView Details
Assigner-Hitachi Energy
CVSS Score-8.2||HIGH
EPSS-0.05% / 15.20%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 01:45
Updated-05 Aug, 2024 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-RTU500 series CMU firmware
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-2081
Assigner-Hitachi Energy
ShareView Details
Assigner-Hitachi Energy
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.80%
||
7 Day CHG+0.01%
Published-04 Jan, 2024 | 09:15
Updated-22 May, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-rtu560rtu520_firmwarertu540_firmwarertu560_firmwarertu520rtu530_firmwarertu530rtu540RTU500 series CMU firmware
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')